CxSuite Application Security Made Easy - Checkmarx
Checkmarx Suite® is the most powerful Source Code Analysis
CxSuite
categories, operating system (OS) platforms, programming languages and frameworks. By integrating into the Software Development Life Cycle (SDLC), Checkmarx’s automatic code review suite allows organizations to address the challenge of securing the code while cutting down on time and costs.
• The widest range of vulnerability checks
• Virtually zero false-positive results
• Hundreds of out-of-the-box security queries
• Integration into the SDLC
• Graphical representation of discovered vulnerabilities
Scan unbuilt code - without a compiler
The Virtual Compiler enables developers to test code anywhere, anytime, while avoiding problems of compiler and operating system compatibility. Developers can test uncompiled and unlinked code, their independent modules or any other application subsets in a true developer desktop deployment that reinforces good security awareness and practices as the code is written.
Visualization of vulnerabilities is the key to quick remediation of insecure code. The CxSuite presents all the path details that describe the vulnerability’s full anatomy. A sophisticated patented engine locates and graphically presents a full attack path in the code for quick review.
of vulnerable lines of code for remediation.
CHECKMARX PATENTED VIRTUAL COMPILER
THE NEXT GENERATION OF CODE AUDITING
Only with Checkmarx can auditors test code at the earliest stages of the SDLC. Further, auditors can easily conduct spot checks without worrying about duplicating development environments. This is especially important for complex legacy applications where auditors can quickly inspect code with no setup.
IT’S ALL ABOUT ACCURACY
CxSuite IS DESIGNED FOR ACCURATE AND EFFECTIVE RESULTS:
Manage the Risks
SOURCE CODE ANALYSIS
CxSuite®
Checkmarx Ltd. • +1.917.470.9501 • www.checkmarx.com • [email protected]
Application Security Made Easy
Detailed reports help you visualize and prioritize your
Supported coding languages:
CAPABILITIES: DESCRIPTION AND ADVANTAGES
Extremely accurate: Virtually zero false-positives provide an
Patented Virtual Compiler: Scan unbuilt code—without a compiler
A: Each vulnerability attack path is fully presented for easy investigation
Next generation query language: An intuitive query language is available for tailoring checks to customer needs
Vulnerability coverage: Hundreds of out of the box security checks suited for every organization
Business logic vulnerability review: Unmatched capability of investigating
Coding practice enforcement: Customization of queries allows
User hierarchy support: Extensive user and privilege management capabilities
Results reporting & export: Full dashboard report for Projects, Tasks. Export to numerous formats: xml, csv, etc. Integration with ticketing systems
Multitier architecture: Manager server, multiple scan engines and click-once thin clients
ABOUT CHECKMARX
Checkmarx is the leading provider for source code analysis. Founded in 2006, Checkmarx provides comprehensive solutions for automated security code review. Its technology is used by large corporations and small and medium-sized organizations across all industries. Checkmarx pioneered the concept of a query language-based solution for tracking technical and logical code vulnerabilities, and continues to bring new
hacker free world.
OUT OF THE BOX VULNERABILITY QUERY SAMPLES:
• SQL Injection
• Cross-site scripting
• Code injection
• Parameter tampering
• Cross-site request forgery
• HTTP splitting
• Log forgery
• DoS
• Session poisoning
• Unhandled exceptions
• Unreleased resources
• Unvalidated input
• URL redirection attack
• Hardcoded password
• And more…
INDUSTRY VULNERABILITY CLASSIFICATION: OWASP Top 10, SANS 25, PCI, MITRE CWE
COUNTLESS SCALABILITY FEATURES FOR EFFECTIVE INTEGRATION INTO THE SDLC:
• Virtually unlimited project size
• Supports all major development languages from multiple OS platforms
• Web services, websites and client-server based applications support
• Enforces coding practices and regulatory requirements (PCI, HIPAA, SOX, and more...)
• Hundreds of out of the box security checks and compliance standards
Investigate the Scans
Quickly identify the exact place in the code to eliminate each vulnerability.